The present invention pertains to computers communicating over large communication networks, such as the Internet or wide area networks (WANs). The invention further relates to communication between computers over a large communication network where a client computer accesses the network via connections provided by unknown parties or public services, and where data transfer security and privacy for the client end-user are a concern.
Virtual Private Network (VPN) is a term used to describe various methods by which trusted computer systems encrypt, compartmentalize and privatize data transmitted over insecure networks. VPNs create what is called a ‘tunnel’ through the insecure network, connecting two or more of the trusted computer systems. Intermediaries in the network are prevented from seeing or tampering with data transmitted through the VPN tunnel, thus protecting the security and integrity of the data transmitted through the VPN. Tunneled and encrypted communication by VPN has traditionally been provided by companies to their employees for company use. The need of the general public to encrypt its traffic has not been a focus of VPN software, service and equipment providers. The creation and availability of numerous wireless hotspots that give the general public access to the Internet from public locations has changed the scope of how VPN should be delivered.
The proliferation of wireless hot spots, whether coffee shops giving wireless Internet access to their customers or cities that provide such access to their residents, has dramatically increased the number of places from which people can access a main network. Now, the general public also has a need to ensure that its communications are encrypted; but instead of the ‘typical’ VPN deployment, which encrypts traffic to and between a company's network(s), the general public would desire to have its traffic encrypted during transit to the Internet. The reason is that publicly provided Internet access links (either wireless or wired) can be monitored by the providers of those links without the knowledge of the end-user who is accessing the service. URLs, email, instant messaging, unencrypted authentication credentials and any other easily detectable traffic generated by the end-user can be monitored, logged, and archived by the local hotspot provider very easily. The end-user generated traffic, especially wireless traffic, is also easily open to interception by a peer host that is within wireless range or that is accessing the same provider hotspot.